Whether a user is entitled to execute an API call can be set in the API User template.
There are API templates to limit the access rights to certain API calls. These templates can be adjusted by the administrator user via the dashlet ‘template users’ on settings level. With this templates an API user can only have access to certain amount of calls that the client want to. The administrator user is responsible for managing the access rights to this API calls. The integration partner is responsible for the communication with the client regarding the limitation of the API calls. The advantage of the API template is that all templates can be customized. We strongly advise you to name every template by integration or client and to create a new template for each integration in order to keep track of these templates.
To set up API templates an accountant login is needed. This accountant login should have write access to the ‘template users’ dashlet.
What is the functionality of the API template?
The API templates (from accountant and company level) are being activated in advance with full rights. This means that the administrator user should limit the rights, if they or their client want that the API user has customized rights. The API calls can be limited on employee services, company services and debtor services. The administrator user can limit the API calls by making it active or inactive, see screenshot below. After making the API call active or inactive, it is immediately applicable to the user accounts with the corresponding template.
When the API call is turned inactive, you will get the error code: "1002 Unauthorized Access" This means that you don’t have enough access rights for the API call. The accountant administrator should review and decide if you can have more access rights.
Regardless the kind of integration you are building, you will have to make some decisions before integrating with Nmbrs. Nmbrs is a payroll system that has its own structure and logic behind it. Make sure you understand the different levels, and that you know that there are some integration scenarios with the relevant API calls. Please find the integration scenarios on: